A few days ago my neighbor, knowing that my company is a top web, app, and software development company, came to me with a story. My neighbor was going on a trip to Hawaii and decided to use Airbnb to find a place. So my neighbor went to the site – noticed the posted warning not to wire money to any client before you are at the place – and found a great place right on the beach.
The first flag was raised when a money transfer to the owner (located in Italy – second flag raised) was requested. My neighbor, remembering the warning on the main website and being of sound mind, decided to call Airbnb. So my neighbor called the number on the site, was connected to a technician and was told that a wire transfer was okay – but only in certain circumstances. Mainly this meant getting a confirmation number, which my neighbor had.
But, still not convinced, my neighbor decided to send an email to the tech department and to use the Airbnb chat support on the website. Again, both the email and the tech on the chat confirmed that this was a legitimate listing. So my neighbor began to set up the wire transfer and was about to send it off, when the phone rang. It was Airbnb, telling them that they had been trying to call for a while – my neighbor had been talking to someone who was not Airbnb.
In other words, they were almost scammed. This was not a simple scam. It meant getting listed on Airbnb and creating a fake, identical Airbnb website, with all of the supporting tech tools. This was a sophisticated hack and demonstrates just how woefully unprepared many of us are for this level of skillful attack. Fortunately, my neighbor ended up being fine, but they did everything right and were still almost out thousands of dollars.
The above story, while not a hack like that of the US’ Democratic National Committee (DNC), was meant to highlight the fact that hackers today use a variety of tactics. The DNC hack in and of itself (as well as that of John Podesta and his staff) shows that hackers and scammers use basic trickery (a phishing email) and actual malware.
But this is more than just a danger that your email might get hacked. Digital security may be the single biggest point of concern for businesses today. You don’t even have to be a tech company to be concerned. If you use a computer that connects to the internet – heck, if you use a smartphone – your business’ data is at risk. And it is not just your company: your own personal privacy is at risk as well.
We live in a world where we constantly hear about major hacks. The high-profile hacks began with Sony a few years ago, but security has always been an issue for people and organizations. The hacks are only getting more elaborate, as the above story was meant to elucidate. But data privacy is about more than just hacks; an uncomfortable amount of data is collected on people and businesses through entirely legitimate means.
So how can you, as a business owner (and as a person with a right to privacy), better protect yourself from hackers and from everyday routine data collection? Below are some steps on how to improve security. No matter what steps you take to protect your business, SDI can help!
But in the name of Data Privacy Day, let’s get to the good stuff.
1. Two-Step Verification and Two-Factor Authentication
a. While not the same, both Two-Step Verification and Two-Factor Authentication fall under the broader security protocol known as Multi-Factor Authentication (MFA). For the most part, the majority of Two-Step Verification systems (such as Google’s) are also Two-Factor Authentication. This is a process that has been recommended by tech wizards for two to three years now, but most of us fail to listen. While John Podesta’s emails could have still been hacked, some form of MFA would have made it significantly more difficult. By the same token, MFA is a necessary step a business needs to take to protect itself. Ensure that your system can easily guide employees through the process of setting up MFA and make it a company policy that all employees have it enabled.
2. Differential Privacy
a. Differential Privacy was popularized by Apple (who is a leader in protecting User Privacy) about a year ago. What it basically entails is adding another layer or filter through which user data must pass. This layer obfuscates the data, further anonymizing and protecting user data. This made more news recently when Apple announced that it will be used in their AI data collecting tools (i.e. Siri).
AI thrives off data, which poses concern for those who need their data kept private. Differential Privacy still feeds AI the data it needs, but does it from many anonymized sources. This security method is more directly applicable for personal users, but its growing popularity points to a market opportunity. Apps that use AI with Differential Privacy are likely to become highly sought after.
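As an added illustration (not code from this article or from Apple), the sketch below uses randomized response, one standard local differential privacy mechanism, as an assumed stand-in for the "layer" described above: each device flips its answer with a known probability before sending it, and the server still recovers the overall rate from the noisy reports. The function names, the epsilon value and the simulated population are all constructed for the example.

```python
import math
import random


def truth_probability(epsilon):
    """Probability that a device reports its true bit under epsilon-local DP."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive; smaller means more privacy")
    return math.exp(epsilon) / (1.0 + math.exp(epsilon))


def randomize(bit, epsilon, rng):
    """Runs on the user's device: keep the bit with probability p, else flip it."""
    return bit if rng.random() < truth_probability(epsilon) else 1 - bit


def estimate_rate(reports, epsilon):
    """Runs on the server: remove the known flipping bias from the aggregate."""
    p = truth_probability(epsilon)
    observed = sum(reports) / len(reports)
    # E[observed] = rate * p + (1 - rate) * (1 - p); solve for rate.
    return (observed - (1.0 - p)) / (2.0 * p - 1.0)


def simulate(n_users=100_000, true_rate=0.30, epsilon=1.0, seed=7):
    """Constructed population: returns (actual rate, rate estimated from noisy reports)."""
    # random.Random keeps the demo reproducible; a real client would draw
    # its noise from a CSPRNG such as secrets.SystemRandom.
    rng = random.Random(seed)
    true_bits = [1 if rng.random() < true_rate else 0 for _ in range(n_users)]
    reports = [randomize(b, epsilon, rng) for b in true_bits]
    return sum(true_bits) / n_users, estimate_rate(reports, epsilon)


if __name__ == "__main__":
    actual, estimated = simulate()
    p = truth_probability(1.0)
    print(f"each report is wrong with probability {1 - p:.2f}")
    print(f"actual rate {actual:.3f}, estimated from noisy reports {estimated:.3f}")
```

No single report can be trusted on its own, which is what protects the individual, while the estimate over many users stays close to the true rate.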
3. Cloud Security
a. One of the most hotly anticipated IPOs of 2017 is that of Silicon Valley Cloud Security company Zscaler. Cloud Security is finally turning perception around, showing the world that despite the myth, the Cloud is exceptionally secure – almost surely more secure than hardware. We don’t just mean security services delivered over the cloud; your business as a whole is more secure on the cloud than not.
The biggest threat to hardware is that anything that can be physically accessed is inherently more at risk. A report from 2012 (four whole years ago) clearly shows that while both Cloud and Hardware systems were attacked, businesses that used cloud services (i.e. servers and security) were attacked at a far lower rate.
If you want to see how secure you are, or create a more secure system – or start a whole new Tech Privacy business, SDI knows what it takes. With almost 20 years of creating secure, highly encrypted code, we create digital Fort Knoxes. Give us a call at 408.802.2885/408.621.8481 – or click to contact us!